-
February 22nd, 2004, 10:58 PM
#1
The End of Buffer Overflows!
New Scientist 21 February 2004 P 21 "Chips to ease Microsoft's big securtity nightmare"
It seems that intel & amd are about to release the latest version of their processors which, coupled with a new version of Windows XP, will prevent buffer overflows.
... chip makers Advance Micro Devices (AMD) and Intel are developing processor chips that will deal with the [buffer overflow] problem. AMD's Athlon-64 (for PCs) and Opteron (for servers) will protect against buffer overflows when used with a new version of Windows XP.
The new chips/XP work by identifying memory as either executable code or data and prevent data from overwriting code and code jumping to execute data.
A very good idea IMO
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
February 23rd, 2004, 12:31 AM
#2
LOL, wait until an exploit is discovered on how the processor makes logical descisions. The exploit will go something like this: By passing 400 gigs of specially crafted data to the processor, you can overwhelm it and cause an overflow condition...
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
February 23rd, 2004, 01:26 AM
#3
Here's a thought... how about they just go back to basics and check the actual code for potential overflows?? Rather than designing in security, this just sounds like another after-the-fact patch job. Granted a rather interesting patch...
alpha
-
February 23rd, 2004, 01:31 AM
#4
By passing 400 gigs of specially crafted data to the processor, you can overwhelm it and cause an overflow condition...
Horsey,
I don't doubt your reasons for thinking this (your a very smart dude... and it amazes me how much you know)... but tell me... where in the hell are you going to get 400gigs of info to pass to it? Most people don't have this kind of data at hand... And if you did have 400gigs, how would you to pass that kind of data over the internet, or even over a lan/wan... it'd take quite a while... and even if they did have a connection that would support that kind of dataflow... then couldn't one just throttle their bandwidth to allow the CPU to process it?
I think I *might* have 300gigs of data... but thats on *ALL* my PCs at home.
Now... on my work servers, its a bit different... especially when optical storage comes into play.
So, you're thinking local exploit?
Can you elaborate on this a bit more?
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
February 23rd, 2004, 01:43 AM
#5
LOL @ Phisshy.
Yep, the explanation is quite simple - I was kidding.
However, whenever you take an approach like this to solve a problem rather than fixing the true problem, I wouldn't be surprised to read something like that.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
February 23rd, 2004, 02:43 AM
#6
ok... I was seriously sitting here thinking how in the hell something like that was possible...
I should have known better... lol
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
February 23rd, 2004, 04:20 AM
#7
That's pretty cool. Although if it's hardware, it's more expensive, and harder to change. Besides, why should IBM clean up after MS?
-Cheers-
-
February 23rd, 2004, 04:55 AM
#8
I think it's sad that chip vendors have to covers M$'s butt, but hey, if it works, that's fine with me as long as M$ doesn't implement some type of security lockout (ie, you don't have one of these chips, XP won't operate).
Is there a sum of an inifinite geometric series? Well, that all depends on what you consider a negligible amount.
-
February 23rd, 2004, 06:09 AM
#9
the latest version of their processors which, coupled with a new version of Windows XP
I am not buying that. With the above quote tells me it is another marketing ploy for MS and chip manufacturers. While it may improve preventing buffer overflows, but I do not know with so many variables, programming languages, boredom of malicious programmers or other things, there is always going to be something that has stood the test of time. If you can build it, it can be broken.
-
February 23rd, 2004, 07:53 AM
#10
From the sounds of it the companies would have to really think that this is feasable to even consider mass-producing it; and turn a profit. Either that or they have been passed some huge amounts of $$$ for this to take place. I don't have any info (inside or otherwise) on either view, but if it is true it would definately give M$ enormous bragging advantages.
My best place to pin this down would be to ask if Linux programmers (and everyone else) will be given information on flagging code as either Executable or Data. If they are given the information for programming these new processors, then everyone wins. But only Microsoft will be the ones cheering and advertising it...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|